1

Future features

Use this topic for suggesting new features or ideas for future development / use of ACME.

11 replies

null
    • chin
    • 5 yrs ago
    • Reported - view

    Magnus Andriy Mahats Is it possible to implement HTTP-01 challenge of Buypass to follow HTTP to HTTPS redirect to validate at least on the same domain (e.g. Redirect http://example.com to https://example.com to complete validation should be valid) ?

    Today most SLL enable website HTTPS redirection on their own domain.

    RFC8555 also permit to follow redirect: https://tools.ietf.org/html/rfc8555#section-8.3

    Let's Encrypt implements this follow redirect mechanism since 2018 or before: https://community.letsencrypt.org/t/i-must-turn-off-https-redirect-to-renew/70415/4

      • Andriy_Mahats
      • 5 yrs ago
      • Reported - view

      Hi chin 

       

      We plan to implement following of redirects.

      However, the ETA of it is unknown.

       

      Regards,

      Andriy

      • Andriy_Mahats
      • 5 yrs ago
      • Reported - view

      Hi chin

       

      We added support for following of redirects during the http challenge validation.

      It is now available in production and test environments.

       

      Regards,

      Andriy

    • fomm
    • 5 yrs ago
    • Reported - view

    Hi Buypass,

     

    Thanks for the new release to support 5 FQDNs now.

    I do notice that domains in puny code is not supported.

    I was getting below response when I was trying to get a certificate in puny code.

     

     Array (

        [type] => urn:ietf:params:acme:error:rejectedIdentifier

        [detail] => Domain is rejected as high-risk [code] => 403

        [message] => REJECTED_IDENTIFIER

        [details] => HTTP 403 Forbidden

     

    May I ask if you have any plan to allow certificates in puny code? I know there aren't too many people using utf-8 domains, it will still be nice for you to support it.

     

    Thank you.

      • Andriy_Mahats
      • 5 yrs ago
      • Reported - view

      Hi fomm 

       

      While we recognize that international domain names serve an important purpose, we are more concerned about their possible utilization in phishing attacks.

      We do support punycode, but only for western European characters.

       

      Regards,

      Andriy

    • vgk
    • 3 yrs ago
    • Reported - view

    Please add support for issuing S/MIME certificates using the RFC 8823 extension for ACME and EMAIL-01 validation. 

    • Mads_Henriksveen
    • 3 yrs ago
    • Reported - view

    Hi  Venu Kakarla

    Thank you for your proposal.

    We do not currently issue S/MIME certificates, but if we should decide to do so, we will consider this.

    Regards

    Mads 

    • Steven_Haigh
    • 2 yrs ago
    • Reported - view

    I have a couple of requests:

    1) Respect the 'Must Staple' extensions for the certificate. I believe at the moment, the certificate is issued, but without stapling enabled - ie the option is silently ignored.

    2) Add support for secp384r1 keys

      • QA
      • mkon
      • 2 yrs ago
      • Reported - view

      Steven Haigh Thank you for the request. We will consider adding support for the topics in your request and will come back with more information later.

      • Steven_Haigh
      • 2 yrs ago
      • Reported - view

      mkon Thanks for the reply!

      I believe at the moment it is not possible to validate IPv6 only hosts. Is this on the roadmap at all?

      • QA
      • mkon
      • 2 yrs ago
      • Reported - view

      Steven Haigh Yes, but i have no timeframe right now.

Content aside

  • 1 Likes
  • 2 yrs agoLast active
  • 11Replies
  • 1208Views
  • 11 Following